1. Field of the Invention
The embodiments described herein relate to using a wireless device, such as a cell phone, to pay for a transaction, and more particularly providing secure authentication for such payment transactions.
2. Background of the Invention
As contactless payment systems have become more common, there has been a recent push to enable contactless payment of transactions via a consumer's cell phone. As with contactless payment cards, cell phones are being equipped with a short range Radio Frequency Identification (RFID) chip. A wallet application is then downloaded to the cell phone and a dollar amount is stored in the wallet. To pay for a transaction, the consumer then simply waves their cell phone within a few inches of a special display found in stores that accommodate such a payment mechanism. The special display includes an RFID reader that can access the wallet and deduct the appropriate amount via the RFID chip on the cell phone.
In one such system, the wallet can be charged up, i.e., the dollar amount can be stored in the wallet on the cell phone, by interfacing the cell phone with a special machine. Once the device is interfaced with the machine, the consumer can insert bills into the machine and the wallet on the cell phone will be charged up with the corresponding dollar amount. In other systems, once the wallet application is downloaded to the user's cell phone, the user can enroll other associated services such as debit and/or credit cards for transaction payment. These contactless payment cell phones have taken the place of older systems that allow the user to pay for a transaction by punching buttons on the cell phone. Often, the charge for such transactions would then show up on the user's cell phone bill.
Such systems have several drawbacks. For example, rolling out machines that interface with a cell phone and accept dollars adds significant infrastructure cost for the cell phone carrier or financial institution in charge of the system. Further, seeking out such machines can be time consuming and/or inconvenient, and may limit adoption. Further, downloading applications and enrolling services may also limit adoption if the consumer feels that it is too complicated or too time consuming. Another major drawback to such systems is the lack of secure authentication involved.
It will be understood that multifactor authentication is preferred for financial transactions. For example, the simplest form of multifactor authentication is two factor authentication in which the transaction is authenticated based on something the consumer has and something the consumer knows. The ubiquitous ATM or debit card is the best example of this. In order for an ATM or debit transaction to be successful, the user must possess their card (something the user has) and know their PIN (something the user knows). Even two factor authentication can virtually eliminate fraudulent transactions.
The systems above, however, are only single factor authentication systems. In other words, the consumer simply needs to have their phone and wave it in front of the special display in order to complete a transaction. Accordingly, there is a risk that the consumer's cell phone can be stolen and then be used to make transactions.
One system tries to avoid this problem of authentication by requiring the user to input a code associated with the item to be purchased and then transmit the code to a pre-defined number, e.g., via a text message. The pre-determined number is associated with a payment system and when the message including the code is received, it will trigger an operator to call the user's cell phone in order to confirm the order. The consumer can then be required to provide a secret PIN to the operator in order to complete the transaction. While such a system may provide better authentication, it eliminates the convenience of fast, contactless payment.